I ran into this recently, when booting a VM that hadn't been turned on in awhile. I'm guessing the system came up from a saved state, as I typically don't shut my VMs completely down.

When the system came up, I noted that the time was incorrect. So, to resolve this, I naturally went to the Date & Time settings and tried to force an Internet Time synch. The computer returned an error to me then, stating that the date was incorrect and it could not synchronize the time until the date was rectified.

Why is this necessary? If the system can discover that the date is incorrect, what is limiting it from synchronizing the date as part of the same operation in which it does the time?

3 Answers
3

what is limiting it from synchronizing the date as part of the same operation in which it does the time?

You assume that your network time server will always be authoritative. If an attacker can hijack your computer's requests to the time server then they can set a date in the past or future and this weakens the Kerberos security model.

The basic rational is to protect your computer against a rogue time server:

At first glance, you might think that
the server is attempting to defend
itself against a client whose time is
set incorrectly, but actually the
potential attack is in reverse: Your
computer is protecting itself against
a rogue time server.